VYPR

Wonderware Intouch 2014

by Schneider Electric

CVEs (6)

  • CVE-2017-14024CriNov 13, 2017
    risk 0.64cvss 9.8epss 0.06

    A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow…

  • CVE-2017-13997CriOct 3, 2017
    risk 0.64cvss 9.8epss 0.05

    A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server…

  • CVE-2015-0999Mar 29, 2015
    risk 0.00cvss epss 0.00

    Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file.

  • CVE-2015-0998Mar 29, 2015
    risk 0.00cvss epss 0.01

    Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2015-0997Mar 29, 2015
    risk 0.00cvss epss 0.02

    Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force…

  • CVE-2015-0996Mar 29, 2015
    risk 0.00cvss epss 0.00

    Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to…